Candidate: CVE-2018-7651
PublicDate: 2018-03-04 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7651
 https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
 https://github.com/zkat/ssri/issues/10
 https://nodesecurity.io/advisories/565
Description:
 index.js in the ssri module before 5.2.2 for Node.js is prone to a regular
 expression denial of service vulnerability in strict mode functionality via
 a long base64 hash string.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891980
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]


Patches_node-ssri:
upstream_node-ssri: needs-triage
precise/esm_node-ssri: DNE
trusty_node-ssri: DNE
trusty/esm_node-ssri: DNE
xenial_node-ssri: DNE
artful_node-ssri: DNE
bionic_node-ssri: needs-triage
cosmic_node-ssri: ignored (reached end-of-life)
disco_node-ssri: not-affected (5.2.4-2)
eoan_node-ssri: not-affected (5.2.4-2)
focal_node-ssri: not-affected (5.2.4-2)
groovy_node-ssri: not-affected (5.2.4-2)
hirsute_node-ssri: not-affected (5.2.4-2)
impish_node-ssri: not-affected (5.2.4-2)
jammy_node-ssri: not-affected (5.2.4-2)
devel_node-ssri: not-affected (5.2.4-2)